Zero-day vulnerability or exploit is an exploit in a software that is unknown to the vendor. This vulnerability can be used by hackers to get in to your machine or your database before the vendor or the developer builds and implements a patch. A similar zero-day exploit is on the lose for the Windows 10/8 operating system. There is a key file-sharing protocol that is supported by most Windows contemporary versions. This-day exploit can allow a hacker to launch a denial of service attack on your system and either crash it or jeopardize it.

But Microsoft, in a statement, has said that the present-day exploit isn’t very alarming and in fact, it is a “low-risk” vulnerability. This means there is no reason for Microsoft to send out and out-of-band patch. Most of the “low risk” issues are handled by their Update Tuesday schedule. This means, for the current zero-day exploit, a patch will arrive at your PC on February 14, 2017.

A big reason why Microsoft doesn’t want to send an out-of-band patch is that many machines including Windows 10, Windows 8.1, Windows Server 2016 and Windows Server 2012 R2 would be affected by the patch and it would also require the system to reboot which can cause a major problem to customers and organizations.

Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system.

Description

Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys. We have confirmed the crash with fully-patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2.

Note that there are a number of techniques that can be used to trigger a Windows system to connect to an SMB share. Some may require little to no user interaction.

Exploit code for this vulnerability is publicly available.

Impact

By causing a Windows system to connect to a malicious SMB share, a remote attacker may be able to cause a denial of service by crashing Windows.